The following Fedora 19 Security updates need testing: Age URL 94 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 39 https://admin.fedoraproject.org/updates/FEDORA-2013-23592/rubygem-actionpack-3.2.13-3.fc19 31 https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1.fc19 17 https://admin.fedoraproject.org/updates/FEDORA-2014-0574/flite-1.3-20.fc19 16 https://admin.fedoraproject.org/updates/FEDORA-2014-0621/graphviz-2.30.1-12.fc19 15 https://admin.fedoraproject.org/updates/FEDORA-2014-0719/openjpeg-1.5.1-8.fc19 12 https://admin.fedoraproject.org/updates/FEDORA-2014-0797/libinfinity-0.5.5-1.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-0946/libmicrohttpd-0.9.33-1.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-0934/memcached-1.4.17-1.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2014-1004/ibus-chewing-1.4.6-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-1092/libreswan-3.8-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-1100/nss-3.15.4-1.fc19,nss-softokn-3.15.4-1.fc19,nss-util-3.15.4-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-1326/perl-MARC-XML-1.0.2-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-1377/moodle-2.4.8-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-1475/mupdf-1.1-5.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-1559/xen-4.2.3-14.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-1560/mingw-openssl-1.0.1e-5.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-1516/openstack-nova-2013.1.4-6.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-1648/lightdm-gtk-1.6.1-3.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 42 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 12 https://admin.fedoraproject.org/updates/FEDORA-2014-0847/ibus-1.5.5-1.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-0946/libmicrohttpd-0.9.33-1.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2014-0752/firewalld-0.3.9.2-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-1100/nss-3.15.4-1.fc19,nss-softokn-3.15.4-1.fc19,nss-util-3.15.4-1.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-1151/hwdata-0.260-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-1255/tigervnc-1.3.0-8.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-1281/abattis-cantarell-fonts-0.0.15-1.fc19,caribou-0.4.13-1.fc19,dconf-0.16.1-1.fc19,file-roller-3.8.4-1.fc19,glib2-2.36.4-1.fc19,gmime-2.6.19-1.fc19,gnome-chess-3.8.5-1.fc19,gnome-color-manager-3.8.4-1.fc19,gnome-icon-theme-symbolic-3.8.3-1.fc19,gnome-mahjongg-3.8.1-1.fc19,gnome-mines-3.8.2-1.fc19,gnome-nibbles-3.8.1-1.fc19,gnome-robots-3.8.2-1.fc19,gnome-settings-daemon-3.8.6.1-1.fc19,iagno-3.8.3-1.fc19,json-glib-0.16.2-1.fc19,libgdata-0.13.4-1.fc19,libgee-0.10.5-1.fc19,libgtop2-2.28.5-1.fc19,libgweather-3.8.3-1.fc19,libnotify-0.7.6-1.fc19,libpeas-1.8.1-1.fc19,libsoup-2.42.3.1-1.fc19,libwnck3-3.4.7-1.fc19,nautilus-sendto-3.8.1-1.fc19,nemiver-0.9.5-1.fc19,orca-3.8.2-1.fc19,tali-3.8.2-1.fc19,swell-foop-3.8.2-1.fc19,vte3-0.34.9-1.fc19,vinagre-3.8.3-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-1324/firefox-26.0-6.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-1368/krb5-1.11.3-19.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-1385/yum-3.4.3-132.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-1438/libtool-2.4.2-23.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-1451/pango-1.34.1-2.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-1524/procps-ng-3.3.8-11.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-1564/libvorbis-1.3.4-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-1599/libgsf-1.14.29-1.fc19 The following builds have been pushed to Fedora 19 updates-testing crypto-utils-2.4.1-48.fc19 httpd-2.4.7-1.fc19 ipython-0.13.2-3.fc19 librepo-1.0.0-3.fc19 lightdm-gtk-1.6.1-3.fc19 mingw-gnutls-3.1.18-1.fc19 open-mtools-1.0-1.fc19 openstack-nova-2013.1.4-6.fc19 php-pecl-apcu-4.0.3-1.fc19 python-pypump-0.4-3.fc19 python-whoosh-2.5.6-1.fc19 rubygem-net-http-persistent-2.9.1-1.fc19 scl-utils-20140127-1.fc19 system-config-language-1.4.0-8.fc19 uget-1.10.4-1.fc19 xflr5-6.09.06-1.fc19 Details about builds: ================================================================================ crypto-utils-2.4.1-48.fc19 (FEDORA-2014-1650) SSL certificate and key management utilities -------------------------------------------------------------------------------- Update Information: This update fixes two bugs: * Special characters were not escaped properly when executing keyutil. * Errors when executing keyutil would result in a crash rather than an error message. The certwatch man page has also been updated. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 27 2014 Joe Orton <jorton@xxxxxxxxxx> - 2.4.1-48 - update certwatch man page (#618421) * Mon Jan 27 2014 Joe Orton <jorton@xxxxxxxxxx> - 2.4.1-47 - genkey: escape passwords properly (#980859) - genkey: escape commas in subject (#803305) - keyutil: fix crashes when printing errors (#1045354) - drop requirement on mod_ssl/mod_nss again (#1057858) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1057858 - DO NOT require mod_nss https://bugzilla.redhat.com/show_bug.cgi?id=1057858 [ 2 ] Bug #980859 - can't handle passwords with & https://bugzilla.redhat.com/show_bug.cgi?id=980859 [ 3 ] Bug #803305 - genkey fails due to segfault in keyutil https://bugzilla.redhat.com/show_bug.cgi?id=803305 [ 4 ] Bug #618421 - Undocumented and inaccurate certwatch options https://bugzilla.redhat.com/show_bug.cgi?id=618421 [ 5 ] Bug #1045354 - [abrt] crypto-utils: _IO_vfprintf_internal(): keyutil killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1045354 -------------------------------------------------------------------------------- ================================================================================ httpd-2.4.7-1.fc19 (FEDORA-2014-1651) Apache HTTP Server -------------------------------------------------------------------------------- Update Information: This update contains the latest release of the Apache HTTP Server, version 2.4.7. Numerous bug fixes and minor enhancements are included; for more information see: http://www.apache.org/dist/httpd/CHANGES_2.4.7 -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 27 2014 Jan Kaluza <jkaluza@xxxxxxxxxx> - 2.4.7-1 - update to 2.4.7 (#1034071) - mod_ssl: allow SSLEngine to override Listen-based default (r1537535) - load mod_macro by default (#998452) - add README to conf.modules.d - mod_proxy_http: add possible fix for threading issues (r1534321) - core: add fix for truncated output with CGI scripts (r1530793) -------------------------------------------------------------------------------- References: [ 1 ] Bug #998452 - Newly included mod_macro should be loaded upon startup https://bugzilla.redhat.com/show_bug.cgi?id=998452 [ 2 ] Bug #1034071 - httpd-2.4.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1034071 -------------------------------------------------------------------------------- ================================================================================ ipython-0.13.2-3.fc19 (FEDORA-2014-1641) An enhanced interactive Python shell -------------------------------------------------------------------------------- Update Information: Fix requires on python-setuptools -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 7 2013 Thomas Spura <tomspur@xxxxxxxxxxxxxxxxx> - 0.13.2-3 - install into unversioned docdir (#993848) - R on setuptools for starting with pkg_resources (#994673) * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.13.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Apr 10 2013 Thomas Spura <tomspur@xxxxxxxxxxxxxxxxx> - 0.13.2-2 - Improve package descriptions (#950530) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1037598 - python3-ipython-console is missing a dependency to python3-setuptools https://bugzilla.redhat.com/show_bug.cgi?id=1037598 -------------------------------------------------------------------------------- ================================================================================ librepo-1.0.0-3.fc19 (FEDORA-2014-1659) Repodata downloading library -------------------------------------------------------------------------------- Update Information: Fix gpg unittest. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 27 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 1.0.0-3 - Fix GPG unittests (expired key) -------------------------------------------------------------------------------- ================================================================================ lightdm-gtk-1.6.1-3.fc19 (FEDORA-2014-1648) LightDM GTK+ Greeter -------------------------------------------------------------------------------- Update Information: Fix potential denial of service. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 27 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.6.1-3 - CVE-2014-0979 (#149420,1049422) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1049420 - CVE-2014-0979 lightdm-gtk: local DoS due to NULL pointer dereference https://bugzilla.redhat.com/show_bug.cgi?id=1049420 -------------------------------------------------------------------------------- ================================================================================ mingw-gnutls-3.1.18-1.fc19 (FEDORA-2014-1629) MinGW GnuTLS TLS/SSL encryption library -------------------------------------------------------------------------------- Update Information: Version 3.1.18 (released 2013-12-20) * libgnutls: Updated code for AES-NI. That prevents an uninitialized variable complaint from valgrind. * libgnutls: Enforce a maximum size for DH primes. Version 3.1.17 (released 2013-11-23) * This release prioritizes the GCM ciphersuites over CBC, enables TPM support and fixes few other bugs on the current stable branch. -------------------------------------------------------------------------------- ChangeLog: * Sun Jan 26 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 3.1.18-1 - Update to 3.1.18 -------------------------------------------------------------------------------- ================================================================================ open-mtools-1.0-1.fc19 (FEDORA-2014-1621) Tools for testing IP multicast -------------------------------------------------------------------------------- Update Information: This package provides tools for testing Internet Protocol multicast. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1009446 - Review Request: open-mtools - Tools for testing IP multicast https://bugzilla.redhat.com/show_bug.cgi?id=1009446 -------------------------------------------------------------------------------- ================================================================================ openstack-nova-2013.1.4-6.fc19 (FEDORA-2014-1516) OpenStack Compute (nova) -------------------------------------------------------------------------------- Update Information: Fix root disk leak in live migration - CVE-2013-7130 -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 27 2014 Xavier Queralt <xqueralt@@redhat.com> - 2013.1.4-6 - Fix the patch for CVE-2013-7130 which was not backported properly * Fri Jan 24 2014 Xavier Queralt <xqueralt@xxxxxxxxxx> - 2013.1.4-5 - Require python-keystoneclient for api-paste - rhbz#909113 - Fix root disk leak in live migration - CVE-2013-7130 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1055400 - CVE-2013-7130 OpenStack nova: Live migration can leak root disk into ephemeral storage https://bugzilla.redhat.com/show_bug.cgi?id=1055400 -------------------------------------------------------------------------------- ================================================================================ php-pecl-apcu-4.0.3-1.fc19 (FEDORA-2014-1654) APC User Cache -------------------------------------------------------------------------------- Update Information: Upstream changelog: - Fix various compatibility problems - Fix a few lingering faults - Remove experimental eval serializer - Fix iterator for compatibility -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 27 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 4.0.3-1 - Update to 4.0.3 (beta) - install doc in pecl doc_dir - install tests in pecl test_dir (in devel) - cleanup SCL stuff * Mon Jan 13 2014 Remi Collet <rcollet@xxxxxxxxxx> - 4.0.2-3 - EPEL-7 build -------------------------------------------------------------------------------- ================================================================================ python-pypump-0.4-3.fc19 (FEDORA-2014-1664) Python Pump.io library -------------------------------------------------------------------------------- Update Information: Initial packaging. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1025601 - Review Request: python-pypump - Python Pump.io library https://bugzilla.redhat.com/show_bug.cgi?id=1025601 -------------------------------------------------------------------------------- ================================================================================ python-whoosh-2.5.6-1.fc19 (FEDORA-2014-1644) Fast, pure-Python full text indexing, search, and spell checking library -------------------------------------------------------------------------------- Update Information: Source updated to 2.5.6 -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 27 2014 Robert Kuska <rkuska@xxxxxxxxxx> - 2.5.6-1 - Rebase to 2.5.6 -------------------------------------------------------------------------------- ================================================================================ rubygem-net-http-persistent-2.9.1-1.fc19 (FEDORA-2014-1631) Persistent connections using Net::HTTP plus a speed fix -------------------------------------------------------------------------------- Update Information: New version 2.9.1 is released. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 27 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 2.9.1-1 - 2.9.1 -------------------------------------------------------------------------------- ================================================================================ scl-utils-20140127-1.fc19 (FEDORA-2014-1623) Utilities for alternative packaging -------------------------------------------------------------------------------- Update Information: Just a bunch of SCL related macro updates. A few rather small bugfixes A few rather small bugfixes -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 27 2014 Jan Zeleny <jzeleny@xxxxxxxxxx> - 20140127-1 - don't exclude provides from SCLs (#1056183) - don't generate scl-package(%scl) in macros.scl, it's already handled in dependency generator - add automatic Requires: %scl_runtime to every SCL package (#1054711) * Wed Jan 8 2014 Jan Zeleny <jzeleny@xxxxxxxxxx> - 20140108-1 - split _scl_prefix macro in two parts: scl_basedir and scl_vendor (#985233) - check if temp file is created (#1032666) - don't split command arguments containing white space (#1032666) - rename some attr rpm macros to stop confusing rpm (#1023625) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1054711 - Automatically generate %{?scl:Requires: %scl_runtime} https://bugzilla.redhat.com/show_bug.cgi?id=1054711 [ 2 ] Bug #1056183 - Excluding provides causes failures in collections https://bugzilla.redhat.com/show_bug.cgi?id=1056183 [ 3 ] Bug #985233 - split prefix macro in two parts https://bugzilla.redhat.com/show_bug.cgi?id=985233 [ 4 ] Bug #1032550 - scl command splits arguments with white-space https://bugzilla.redhat.com/show_bug.cgi?id=1032550 [ 5 ] Bug #1023625 - scl.attr screws up %__pkconfig_{provides,path} macros when building for non-SCL https://bugzilla.redhat.com/show_bug.cgi?id=1023625 -------------------------------------------------------------------------------- ================================================================================ system-config-language-1.4.0-8.fc19 (FEDORA-2014-1657) A graphical interface for modifying the system language -------------------------------------------------------------------------------- Update Information: Resolves:rh#1057681 - [abrt] gettext.py:93:c2py:ValueError: plural forms expression could be dangerous Some fixes backported from 1.4.1 rawhide release -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 27 2014 Parag Nemade <pnemade AT redhat DOT com> - 1.4.0-8 - Resolves:rh#1057681 - [abrt] gettext.py:93:c2py:ValueError: plural forms expression could be dangerous * Thu Jan 16 2014 Parag Nemade <pnemade AT redhat DOT com> - 1.4.0-7 - Resolves:rh#920025 -[abrt] tui_install.py:395:is_group_installed:GroupsError: No Group named spanish-support exists - Resolves:rh#1052331 - system-config-language traceback due to missing zulu-support package - Resolves:rh#974743 - Group named german-support missing - Resolves:rh#981968 - Georgian language (ka_GE) not available in Language selection - Resolves:rh#1043569 - OK button should be disabled always for the default selected language -------------------------------------------------------------------------------- References: [ 1 ] Bug #1057681 - [abrt] system-config-language: gettext.py:93:c2py:ValueError: plural forms expression could be dangerous https://bugzilla.redhat.com/show_bug.cgi?id=1057681 [ 2 ] Bug #920025 - [abrt] system-config-language-1.3.5-19.fc18: tui_install.py:395:is_group_installed:GroupsError: No Group named spanish-support exists https://bugzilla.redhat.com/show_bug.cgi?id=920025 [ 3 ] Bug #1052331 - system-config-language traceback due to missing zulu-support package https://bugzilla.redhat.com/show_bug.cgi?id=1052331 [ 4 ] Bug #974743 - Group named german-support missing https://bugzilla.redhat.com/show_bug.cgi?id=974743 [ 5 ] Bug #981968 - Georgian language (ka_GE) not available in Language selection https://bugzilla.redhat.com/show_bug.cgi?id=981968 [ 6 ] Bug #1043569 - [ALL LANG] OK button should be disabled always for the default selected language https://bugzilla.redhat.com/show_bug.cgi?id=1043569 -------------------------------------------------------------------------------- ================================================================================ uget-1.10.4-1.fc19 (FEDORA-2014-1663) Download manager using GTK+ and libcurl -------------------------------------------------------------------------------- Update Information: New version 1.10.4 is released. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 27 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.10.4-1 - 1.10.4 (bug 1055090) - Update URL and summary (bug 1055092) - Not activate gnutls support for now * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.10.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1055090 - Please update uGet package (repo=1.10.3 / current=1.10.4) https://bugzilla.redhat.com/show_bug.cgi?id=1055090 -------------------------------------------------------------------------------- ================================================================================ xflr5-6.09.06-1.fc19 (FEDORA-2014-1662) Analysis tool for airfoils, wings and planes -------------------------------------------------------------------------------- Update Information: Update to 6.09.06, see http://sourceforge.net/projects/xflr5/files/v6.09.06/ReleaseNotes.txt for details. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 27 2014 Sandro Mani <manisandro@xxxxxxxxx> - 6.09.06-1 - Update to 6.09.06 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
